Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Thu, Apr 19, 2001 at 11:46:11PM +1000, Daniel Stone wrote:
> > I.E., nothing. Give me an example of one situation where this would
> > accomplish more than stalling an attacker for a few seconds.
> If I have control over the 203.36.158.* reverse DNS (Telstra are stupid
> enough to not be able to delegate the part of it that's mine, I've long
> stopped caring), and I could easily have, all you would log is a connection
> from scriptkiddie.fuckyou.microsoft.com.
No. I'd log a connection from 184.108.40.206. My box would resolve this
(correctly) to scriptkiddie.fuckyou.microsoft.com but that's hardly relevant,
since IP addresses are logged and not hostnames (I've already asked for an
example of a service that only logs hostnames and people have yet to provide
xinetd logs IP addresses
ssh logs IP addresses
Linux logs IP addresses (in lastlog)
tcpd logs IP addresses (when not running in PARANOID mode and hostname
doesn't match IP address)
So, which services are we protecting?
> And, if someone's DNS is that legitimately broken, someone needs to
> seriously LART the person doing the DNS with a clue-by-four. Otherwise
> no-one will realise, because nothing will break. But it SHOULD break, if
> something's that fucked up.
Why should it break? Who says DNS must be correctly configured? Why do you
advocate that we should rely on DNS information at all? What's so special
about it? It's an insecure protocol that runs on (for the most part)
> > After hearing things like this it's not hard for me to understand why a lot
> > of people hate Debian Developers and think they're all assholes.
> Some more than others. All have different ways of making a point - some very
> diplomatic (imho not the best way), some reasonably forceful (pretty good
> idea), and some just calling the other a "fuckwit" (not the best idea in
> some situations).
It wasn't his way of making the point, it was the point itself.
Adam McKenna <firstname.lastname@example.org> <email@example.com>